Post navigation

On 16 August Wikileaks released an enormous collection of mysterious ‘insurance’ data on to the web.

The data was released in 3 sizeable torrent files alongside a message asking the people of earth to mirror the data far and wide.

The triumvirate of files are locked with NSA-approved AES encryption and weigh in at a beefy 3.6GB, 49GB and 349GB respectively.

Without a secret key to decrypt them (or a time machine and a very powerful computer) the files are useless blobs of ones and zeros that allow the safe dispersal of secret information beyond the reach of anyone who might want to interfere with Wikileaks.

For now we have no idea what is actually in these files, so they just loom like those enormous, brooding UFOs from Independence Day; casting their shadow over the world’s governments with their true purpose unconfessed.

El Reg speculates that the files are a warning shot across the bows of ‘anyone seeking to nobble either Julian Assange or Edward Snowden’ – a dead man’s switch that will unleash a payload of pay dirt if the anointed heroes of free speech ever release their grip on it.

Maybe El Reg is right but it seems to me that Wikileaks serves its aims by releasing information, not by withholding it. The idea that it would be prepared to sit indefinitely on half a terabyte of secrets somebody has asked it to leak just doesn’t ring true.

Besides, whatever you think of Julian Assange, Bradley Manning or Edward Snowden, it would be a stretch to accuse any of them of worrying unduly about personal safety.

I’m less sure about the second part, unless by “going on” Gizmodo meant to say “occupying the attention of 24 hour news by not changing airport”.

Does anyone really think that WikiLeaks would try to use blackmail to influence the outcome of poster boy Bradley Manning’s trial? Isn’t that exactly the kind of underhand and undemocratic behaviour the whistleblower website is trying to expose?

And does Snowden really need an internet time bomb while he’s enjoying the fortified hospitality of Vladimir “Ostrich Legs” Putin? Surely even a radical expansion of the US drone strike program is unlikely to take in Moscow.

No, I think WikiLeaks has already told us that this is information it will be releasing in due course (“upcoming publication data”).

Of course even if Wikileaks does publish the secrets in these files on its website, the insurance files themselves are still just scrambled noise unless it releases the keys as well. So perhaps we’ll never know what’s really in them. Maybe, as some have speculated, they actually do contain proof that every single episode of The X-Files was actually a documentary.

So, please, take a minute to share what you think is in the files. My money’s on cat videos.

If the files are what they are toted to be, I don't think it matters if they are encrypted, because someone could (and likely will) eventually crack them, and then that information will be in the wrong hands. (To assume that "NSA-approved AES encryption" will forever remain uncracked is just naive.) This should be treated as if the files were not encrypted at all, but then, the risk becomes that the files aren't what they're thought to be, and everyone gets ramped up over nothing.

I thought about mentioning that these are, effectively, in the public domain because as you say – it seems to me that at some point they will inevitably be decrypted with or without keys. Presumably WikiLeaks knows that too and since the whole point of WikiLeaks is to disseminate information rather than to withhold I imagine they don't care.

Then I looked into how long it would take a very, very powerful computer to hack a 256 bit AES encryption. I am not an encryption expert but broadly speaking it was considerably longer than the time it will take the universe to expand out to an almost featureless and uniform quantum foam.

That doesn't mean it won't be hacked next week of course but it did make me feel it was unlikely so I removed that bit of my article!

actually, you can crack them in short order with a rented super computer. you can literally rent supercomputers for about 30 cents a minute. with only a relatively small amount of money, these files can be cracked.

I'm sure every world power has already cracked these files and knows their contents. the question is though, if they find something in those files that they deem the public should not know at any cost, and if it's powerful enough to protect wikileaks from being attacked.

There is an interesting discussion on eetimes.com where they pitch a low ball estimate of 300,000 years simply to generate the power required to crack a 128 bit AES key given our current collective energy generation capacity, never mind the computing time itself.

And I don't believe WikiLeaks are protecting themselves from attack, they are, in their own words, insuring themselves. What they are insuring is that the information can get out somehow – not their ability to go unmolested.

If they are prevented from carrying out their work then these files give them a way to get the information can get into the public domain a different way.

Yes, it could be WikiLeak's way of giving the governments (who have the ability to crack the code) a "head's up" on the data and time to put together their responses before it is unencrypted and posted for everyone.

Not a chance any supercomputer (or every supercomputer ever made combined working together, plus all the PCs, Macs, Laptops, Cellphones ever made in human history — all working together simultaneously at the same time in parallel) can break 128-bit AES encryption in the next billion years.

Interestingly I saw a documentary about this kind of thing yesterday. Current super computers would not be able to crack the strongest encryption in our lifetime.

But it seems a quantum computer could crack any current encryption almost instantly. Well, if they were more available and unwieldy. But then, companies are apparently already using 'quantum' encryption to counter that.

Anyway, I'm not a scientist, so they might as well have been talking about bio neural gel packs.

Who anointed them, and by what authority? Self-anointed is closer the to the truth.

In any case, the entire "free speech" issue is a needless distraction from the real issue, which is the improprieties and excesses of the state. Mr. Assange and those like him are fighting a losing battle if they're pinning their hopes on the First Amendment. The free speech card won’t trump the state’s attempt to nail them. There are too many exceptions covered by the doctrine of non-protection of speech involving "national security" interests. When the state gets to define what is in the interest of "national security", it's game over for anyone who gets in the way.

The Government probably has a pretty good idea of what info Wikki Leaks has on them and they also know to keep some distance between from them.
Even the Government realizes that mutual respect (and distance) is better than becoming emblazoned in the kind of global scrutiny that the NSA/Snowden whistle-blowing scandal has wrought.
It's bad for business when your illegal operations become exposed.

The thing is, contrary to all the hero action movies, one person can do nothing. Well, nothing measurable anyways, until there is a sufficient following to provide the momentum for change.

My point is that it's up to the big players in this game to fight the meaningful battles and, hopefully, win the war against privacy intrusion.

Let's use Internet mail (base SMTP traffic)as an example. SMTP has never been secure even though the technology to change that protocol has existed since the protocol was invented. But have any of the big players made the necessary adjustments? Google? Yahoo? Microsoft? Anybody?

No, they haven't. Which begs the question – why not? I propose it's not related to money or backward compatibility or any of that other business or technical BS, it's because clear text messaging serves the security industry best. So, who's sleeping with who here?

Realize that it's not the little man like you and me who use email and other communication services that will change them to a secure model, it's the big companies that will need to lead the fight for secure communications. I'm just a dumb user on a severely limited budget. I have a small vote in the game. Until the big players are willing to carry the ball and tell the government legal beagles to go to hell we're all subject to government intercepting our communications and interpreting them as they see fit. Are you listening Google/Yahoo/Microsoft/etc.? The ball really is in your court. Play to win, for all of our sake.

So, what if everyone just didn't torrent the files and left them where they are? If they are insurance that information would get out should something happen to Julian Assange, Bradley Manning, or Edward Snowden.

Thanks for the info, I'm choosing not to waste my bandwidth to save their collective bacon.

We only have "free speech" (and other forms of free expression) within certain bounds.
We rightly have to stop short of libel, slander, defamation, racial abuse, sub judice breaches, child pornography, etc. And personally I always avoid religious abuse.
People like Assange, Snowden and Salman Rushdie will test the boundaries, in which case the law will take its course. Others, like the News of the World, know that what they are doing is wrong and illegal, but risk it because they expect financial rewards, in the hope that they are not caught.

Imagine a world where you would like to send someone a big file, but do not want anyone to know you are sending it to that person. So you send it to everyone.
So everyone that downloads that file is now a suspect or a member of Wikileaks depending on how you look at it.

I'm sure Assage will release the password in due time… However you can always use the rainbow tables method on AES encryption to decipher the algorithm. There are many website which offer the ability to run up to 500 Million decipher attempts every 17 minutes… this CPU out-sourcability through virtualization is going to improve over the next few years as well. It's just science, really.